Last active
October 6, 2021 16:36
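#!/bin/bash
#
# Egress traffic shaping for a validator host, using an HTB class tree on the
# public interface and iptables fwmarks to pick the class.
#
# Usage:
#   <script>         (re)install the shaping rules
#   <script> stop    remove the shaping rules and exit
#
# Needs the privileges required to change tc and iptables state.
set -euo pipefail

PUBLIC_INTERFACE=eth0

# This assumes a symmetric connection; asymmetric connections need separate
# ingress/egress parameters.
TOTAL_BANDWIDTH=1000mbit

# Staked validators: guaranteed rate, and the ceiling they may borrow up to.
STAKED_VALIDATOR_BANDWIDTH=800mbit
STAKED_VALIDATOR_BURST_BANDWIDTH=${TOTAL_BANDWIDTH}

# All other traffic: guaranteed rate, and the ceiling it may borrow up to.
# Because the ceiling is TOTAL_BANDWIDTH, default traffic is only held near
# its rate while the validator class is competing for the link.
DEFAULT_BANDWIDTH=500mbit
DEFAULT_BURST_BANDWIDTH=${TOTAL_BANDWIDTH}

# NOTE(review): 800mbit + 500mbit is more than the 1000mbit parent class, so
# both guaranteed rates cannot be honoured at the same time. tc accepts this
# without complaint; lower one of the rates so the children sum to at most
# TOTAL_BANDWIDTH.

# Addresses whose traffic is placed in the staked-validator class (fwmark 2).
# @TODO fetch all validator ips, check stake and add the ones above a stake
# threshold here.
# An address match is a QoS hint only: a source address is not proof of who
# sent a packet, so do not reuse this mark for access-control decisions.
STAKED_VALIDATOR_IPS=(
  132.121.239.111/32
)

#### Clean out
# Cleanup is best-effort: on a first run none of these objects exist yet, so
# failures are expected and deliberately ignored.
tc qdisc del dev "${PUBLIC_INTERFACE}" root >/dev/null 2>&1 || true

# Remove only what this script installed. Flushing the whole mangle table
# (iptables -t mangle -F) would also wipe marks and rules owned by other
# software on the host (container runtimes, VPNs, policy routing).
# If PUBLIC_INTERFACE was changed since the last run, the old jump rules no
# longer match these deletes and must be removed by hand.
while iptables -t mangle -D PREROUTING -i "${PUBLIC_INTERFACE}" -j QOS 2>/dev/null; do :; done
while iptables -t mangle -D OUTPUT -o "${PUBLIC_INTERFACE}" -j QOS 2>/dev/null; do :; done
iptables -t mangle -F QOS 2>/dev/null || true
iptables -t mangle -X QOS 2>/dev/null || true

# Approach borrowed from the Arch wiki.
if [ "${1:-}" = "stop" ]; then
  echo "Shaping removed on ${PUBLIC_INTERFACE}."
  exit 0
fi

#### Traffic control
# Root qdisc; anything that no filter classifies lands in class 1:50.
tc qdisc add dev "${PUBLIC_INTERFACE}" root handle 1: htb default 50

# Parent class carrying the maximum total bandwidth.
tc class add dev "${PUBLIC_INTERFACE}" parent 1: classid 1:1 htb \
  rate "${TOTAL_BANDWIDTH}" burst 15k

# Validator class. More classes can be created here and the bandwidth divided
# between them by stake.
tc class add dev "${PUBLIC_INTERFACE}" parent 1:1 classid 1:2 htb \
  rate "${STAKED_VALIDATOR_BANDWIDTH}" ceil "${STAKED_VALIDATOR_BURST_BANDWIDTH}" burst 15k

# Default class.
tc class add dev "${PUBLIC_INTERFACE}" parent 1:1 classid 1:50 htb \
  rate "${DEFAULT_BANDWIDTH}" ceil "${DEFAULT_BURST_BANDWIDTH}" burst 15k

# sfq below each leaf class so flows share it fairly (recommendation from the
# Arch wiki).
tc qdisc add dev "${PUBLIC_INTERFACE}" parent 1:2 handle 10: sfq perturb 10
tc qdisc add dev "${PUBLIC_INTERFACE}" parent 1:50 handle 20: sfq perturb 10

# Packets carrying fwmark 2 go to the validator class.
# "protocol ip" and the iptables rules below cover IPv4 only; IPv6 traffic is
# never marked and therefore always uses the default class.
tc filter add dev "${PUBLIC_INTERFACE}" protocol ip parent 1:0 prio 1 handle 2 fw flowid 1:2

##### Iptables
# Mark traffic for the tc filter (from the Arch / OpenWrt sources).
iptables -t mangle -N QOS
# NOTE(review): the qdisc above is attached to the interface root, which
# shapes traffic leaving the interface. Marks set on packets arriving in
# PREROUTING do not select a class here unless that traffic is later sent
# back out through this interface or is redirected through an ifb device;
# confirm what the ingress rule is expected to achieve.
iptables -t mangle -A PREROUTING -i "${PUBLIC_INTERFACE}" -j QOS  # ingress - INPUT/FORWARD
iptables -t mangle -A OUTPUT -o "${PUBLIC_INTERFACE}" -j QOS      # egress - OUTPUT

# Give every staked validator address mark 2, which maps to class 1:2.
# Separate --dst / --src policies can be used when the connection is not
# symmetric.
# --set-mark without a mask replaces the whole packet mark, so it overwrites
# any fwmark another tool has already set on the same packet.
for validator_ip in "${STAKED_VALIDATOR_IPS[@]}"; do
  iptables -t mangle -A QOS --dst "${validator_ip}" -j MARK --set-mark 2
  iptables -t mangle -A QOS --src "${validator_ip}" -j MARK --set-mark 2
done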